OmniView Serial Console Server ® User Manual F1DP116Sea
Table of Contents
Product Overview
  Introduction
  Package Contents
  Console Server Features
System Status and Log
  System Status
  System Logging
System Administration
Product Overview
Introduction
Thank you for purchasing the Belkin OmniView Serial Console Server (Console Server). This device provides administrators secure monitoring and control of servers, routers, switches, and other serial devices from anywhere on the corporate TCP/IP network, over the Internet, or through dial-up modem connections, even when the server is unavailable through the network.
Console Server Features
• In-band and out-of-band management
Console port management solutions offer remote, reliable, and secure access to serial console ports through in-band networks and out-of-band connectivity options, such as serial terminal access and dial-up modem.
• Manage network devices/servers centrally, remotely, and securely
Reliable console-port management solutions allow you to encrypt sensitive data using proven protocols such as SSH/v2, SSL.
• Universal Connectivity Kit (included)
• RJ45-RJ45 CAT5 Cable (included)
Equipment Requirements
System Requirements
Web browser
Browser support by operating system, listed as Microsoft Internet Explorer version 6.0 SP1 and later / Firefox version 2.0 and later:
Windows 2000 SP2: Yes / Yes
Windows Server 2003: Yes / Yes
Windows XP: Yes / Yes
Windows Vista: Yes / Yes
Red Hat Linux 3 and 4: No / Yes
Sun Solaris 9 and 10: No / Yes
Novell SUSE Linux 9 and 10: No / Yes
Fedora Core 4 and 5: No / Yes
Mac OS X 10.
Unit Display Diagrams
Front/Rear Panel
[Figures: front and rear panel diagrams, including Fig. 1 Front View. Callout labels: Link LED, Power LED, Ready LED, Port LEDs, Reset button]
LED Indicators, Button, and Connectors
LED: Indication
Power: Red – power indication. ON: power is applied
Ethernet Link (Link/Act/10/100Mbps): Orange – 10BaseT Ethernet connection established. Green – 100BaseT Ethernet connection established. Blinking: when data in activity. ON: when no data in activity and link connected
Ready: Green – blinking per second when system is ready
Port Activity (one LED per port): Blue – traffic activity. ON: in use (successful port log-in). Blinking: traffi
Specifications
Feature: Specification
General: LEDs: Power (red), Ready (green, normally blinking), Link/Act/10/100Mbps (Ethernet orange: 10Mbps, green: 100Mbps), Activity (blue for each serial port). Push button for reset, or restore to default. RTC (real-time clock)
Serial Interface: 16-port (F1DP116S). Serial-port mode (RS232). Serial connector (RJ45). Baud rate (300 to 115200). Flow control (None, RTS/CTS, Xon/Xoff)
LAN Interface: RJ45 connector. IEEE 802.
Local Installation
Where to place the Console Server:
The enclosure of the Console Server is designed for stand-alone or rack-mount configuration. The Console Server can be mounted to a standard 19-inch server rack using the included rack-mount brackets and screws.
Desktop or Rack-Mounting
The Console Server can be placed on desktops or rack-mounted on 19-inch/1U racks.
Note: Before you begin, locate the MAC address and serial number on the back of the Console Server. You may need these numbers later in the installation process, so it is highly recommended that you record these numbers below before mounting the Console Server to your rack.
Connecting the Target Devices to the Console Server
1. Power down the target device(s) that will be connected to your Console Server.
2. Connect the Ethernet cable to the port labeled LAN.
3. Locate the included power cord and plug the appropriate end into the power socket on the rear of the Console Server. Plug the other end into an appropriate AC wall outlet.
Note: Allow about 100 seconds for the Console Server to complete the boot-up process.
4.
Network Configuration
Before you can connect to a target device, you will need to configure the network settings. The Console Server offers two methods of setting the network: via web-browser interface or through the local console port. The Console Server offers support for both Dynamic Host Configuration Protocol (DHCP) and static IP addressing. Belkin recommends that an IP address be reserved for the Console Server and that it remains static while connected to the network.
Note: HTTPS can be used for communication over an encrypted secure socket layer (SSL). When first connecting to the Console Server’s HTTPS configuration page, two browser security warnings may appear. Click “Yes” on both warnings.
Click Login. The web interface will open at the “Connect” page (see below).
[Figure: Main-Connect Page]
Step 3 Network Configuration
Click on “Network” to open the Network-Configuration page (see below).
[Figure: Network-Configuration Page]
Here you can assign a static IP and other network settings. Click on “Save & Reboot” to store any network-configuration settings.
Note: If the user leaves the web browser idle for more than 30 minutes, the login session will time out and terminate.
Assigning IP from the Console Port: VT-100 (Console, Telnet, SSH)
The Console Server also offers a user-friendly, menu-driven command-line interface. You can simply connect a VT-100 terminal to the local console port to access the Console Server. This is useful when you do not know the network settings of the Console Server, and cannot access it. Through the local console port, you can view or change the settings (IP address, subnet mask, etc.).
1.
The following figure depicts the structure of the interface.
Network > IP Config
The page to the left shows the IP configuration items.
1. For IP mode: You can press the SPACE bar to select Static mode or DHCP mode.
2. For IP Address, Subnet Mask, Default Gateway, Primary DNS, and Secondary DNS: You can change these network settings.
3. After you change the settings and press the final Enter, the Console Server will prompt you to confirm YES or NO. If YES, the Console Server will reboot and save the settings into the flash memory.
Note: Only the admin user has the privilege to log in to VT-100. No other users are authorized to change the configuration with VT-100.
Web-Browser Management Interface
The Console Server supports both HTTP and HTTPS (HTTP over SSL) protocols. Users must authenticate themselves by logging in to the system with a correct user name and password.
Where available, the page will allow users to apply or cancel their actions. To apply all changes, select “Apply” and the new values will be applied to the configuration. If you do not want to save the new values, simply click “Cancel” and all changes made will be removed and the previous values restored.
Network Settings
You can configure the network IP settings via VT-100 or web interface. This section describes configuration through the web interface.
IP Configuration
The Console Server requires a valid IP address to operate within the user’s network environment. If the IP address is not readily available, contact the system administrator to obtain a valid IP address for the Console Server.
IP Filtering
The IP filtering function uses rules that you specify to keep unauthorized hosts from accessing the Console Server. The host range is specified as an IP address/mask: enter the base host IP address followed by “/” and the subnet mask (“/” is a required separator between the IP address and the subnet mask). The host IP addresses are filtered based on the rule defined. The table below provides examples of IP address/mask settings.
When the Console Server receives a TCP packet, it will process the packet with the chain rule depicted below. The process order is important: the packet will enter chain rule 1 first. If it meets the rule, then it will take action; otherwise, it will go on to chain rule 2.
[Fig. 4 Chain Rule of IP Filter]
You can add a new IP filtering rule by setting the properties at the next available add line. Once the rule is entered, click “Add” to save the action.
After these rules are applied, only the hosts that belong to the subnet 192.168.2.x can access the Console Server (through HTTP port 80). In addition to the IP filter chain rule mentioned above, the web interface also provides a convenient way to enable/disable telnet (port 23) or the web-configuration port (port 80/443). These services are mainly for the Console-Server configuration.
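The first-match chain processing described above can be modeled offline to check rule order before entering rules on the device. This is an added example, not code from the manual or from Belkin: the rule fields (port, ACCEPT/DROP), the two constructed rule sets, and the default action for a packet that matches no rule are assumptions, since the page does not show them.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ACCEPT, DROP = "ACCEPT", "DROP"  # assumed action names


@dataclass(frozen=True)
class Rule:
    network: ipaddress.IPv4Network
    port: Optional[int]  # None means "any TCP port" (assumed field)
    action: str          # ACCEPT or DROP


def parse_rule(spec: str, port: Optional[int], action: str) -> Rule:
    """Parse 'base-ip/subnet-mask'; the '/' separator is required."""
    if "/" not in spec:
        raise ValueError(f"missing '/' separator in {spec!r}")
    if action not in (ACCEPT, DROP):
        raise ValueError(f"unknown action {action!r}")
    # strict=True rejects a base address with host bits set, such as
    # 192.168.2.5/255.255.255.0. It is flagged here as a likely typo; the
    # page does not say how the device itself treats such an entry.
    return Rule(ipaddress.IPv4Network(spec, strict=True), port, action)


def evaluate(rules: List[Rule], src_ip: str, dst_port: int,
             default_action: str = ACCEPT) -> Tuple[str, Optional[int]]:
    """Return (action, 1-based index of the deciding rule or None)."""
    src = ipaddress.IPv4Address(src_ip)
    for index, rule in enumerate(rules, start=1):
        if src in rule.network and rule.port in (None, dst_port):
            return rule.action, index  # first matching rule decides
    return default_action, None        # no rule matched (assumed default)


def shadowed(rules: List[Rule]) -> List[Tuple[int, int]]:
    """List (rule, earlier_rule) pairs where the later rule can never fire."""
    hits = []
    for i, later in enumerate(rules):
        for j, earlier in enumerate(rules[:i]):
            covers_port = earlier.port is None or earlier.port == later.port
            if covers_port and later.network.subnet_of(earlier.network):
                hits.append((i + 1, j + 1))
                break
    return hits


# Constructed rule sets, not the manual's own table.
INTENDED = [
    parse_rule("192.168.2.0/255.255.255.0", 80, ACCEPT),
    parse_rule("0.0.0.0/0.0.0.0", 80, DROP),
]
MISORDERED = list(reversed(INTENDED))

if __name__ == "__main__":
    probes = (("192.168.2.10", 80), ("10.0.0.5", 80), ("10.0.0.5", 23))
    for name, chain in (("intended", INTENDED), ("misordered", MISORDERED)):
        print(name, "shadowed rules:", shadowed(chain))
        for ip, port in probes:
            print(f"  {ip}:{port} ->", evaluate(chain, ip, port))
```

With the rules reversed, the catch-all drop shadows the 192.168.2.x accept rule and locks out every host on port 80. Under the assumed default, a port-80-only rule set leaves port 23 undecided by the chain, which is where the separate telnet enable/disable setting applies.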
Dynamic DNS
If a user connects the Console Server to a DSL line or uses a DHCP configuration to get a dynamic IP address from the network, the IP address might change. This can make it difficult to know if an IP address has changed, or what the new IP address is.
[Fig. 5 Dynamic DNS. Diagram labels: Belkin Serial Console Server, Ethernet, Router/NAT, Network Administrator, DDNS Server]
The Dynamic DNS service is provided by various ISPs and organizations to deal with the above issue.
Note: The domain-name field requires a Fully Qualified Domain Name (FQDN) instead of just a registered host name.
RADIUS
Authentication is the process of identifying an individual, usually based on a user name and password. The Console Server supports various authentication options, such as “Local” and “RADIUS”, to authenticate the users who access the serial port. When the authentication is set to “Local”, the unit will use its own user list to authenticate a user.
RADIUS-Server Configuration
Note: In order to make RADIUS service effective, a RADIUS server must be installed prior to use.
HTTPS/SSL
The Console Server supports both HTTP and HTTPS (HTTP over SSL) services simultaneously. You can enable or disable the security function of each port individually. HTTPS provides a secure, encrypted web interface over SSL (secure sockets layer). The following steps should be used for HTTPS protocol:
1. Change the URL from “http://xxx.xxx.xxx/” to “https://xxx.
Serial Ports
Configuration
Under the “Serial” menu heading, click “Configuration” to show the port summary list. Note that if the “Serial Port” is disabled, the “Serial port configuration” panel will display the port in a dark gray font. An enabled serial port will be displayed in a white bold font.
Port Authentication
Authentication is the process of identifying an individual, usually based on a user name and password.
Port Enable/Disable
Each serial port can be individually enabled or disabled. A disabled serial port cannot be accessed by a user. Users can reset the serial port to default settings by clicking the “Set to default” button.
Port Title
Users can enter descriptive information for each port based on the device attached to it. You can use the shortcut, “--Jump to--”, in the upper-right corner to select and configure a different port.
Operation Modes
The Console Server unit provides four types of operation modes. These are described below.
Note:
• The last port (e.g., port 16) can also be used as “External ESP (Entry Serial Port)” in “Serial-to-Serial” operation mode. Refer to the “Serial-to-Serial Function” section for details.
Console-Server Mode
Configuring a serial port as a console server creates a TCP socket on the unit that listens to a telnet or SSH client connection.
The following parameters are configurable in console-server mode:
Listening TCP Port Number
You can also access a serial port through the IP address of the Console Server and the listening TCP port number of the serial port. If the IP address of the Console Server and the serial port are assigned as 192.168.123.100 and the listening TCP port number is 4001, the user can connect to the port as follows:
    telnet 192.168.123.100 4001
Protocol
Select “Telnet”, “SSH”, or “Raw TCP” as the protocol.
In order to terminate a telnet/SSH/RawTCP session in terminal-server mode, you may use these three control-key sequences (Ctrl-Z / Ctrl-X / Ctrl-C).
Dial-in Modem Mode
In this mode, the Console Server assumes an external modem is attached to the serial port and waits for a dial-in connection from a remote site. When a user dials in using a terminal application, the Console Server will accept the connection and display the appropriate prompt or menu for the user that logged in.
Port Logging
While in console-server mode, the data received from the tracking serial port will be buffered in the unit’s memory. The “Port logging” feature is valid and visible only if the operation mode of the serial port is configured to console-server mode. If the “Port logging” option is enabled, the user can have the Console Server search the port-logging data for a defined keyword and send an email to an administrator, as set in the “Port event handling” configurations.
Click “Port event handling”. The memory buffer size for logging data is 192K per port. If the log data grows larger than the memory size, the new data will overwrite the old data.
Break Function
In console-server mode, the Console Server is capable of sending a “break” signal to a connected serial device. A break is sometimes used to reset a communications line or change the operating mode of communications hardware, such as a MODEM.
Use the hyperlink located at the bottom of the Connect Page to test your Java compatibility. Or use the link below to download the latest Java version. Make sure that you enable your browser’s Java support option and also check your Java Runtime Environment version (known as JRE version). You will need version 1.6.0 or above if you also need secure HTTP service (HTTPS).
Note:
• In order to run this function, the system requires installing JRE version 6.0 and above.
2. Enter the user name and password to log in, so you can start to use it as if you were running a telnet client program (e.g., Telnet DOS program, PuTTY).
Note: The active serial port’s name will appear on the window bar. A connection-status indicator will also appear on the lower-right side of the window.
Serial-to-Serial Function
The serial-to-serial function allows you to use a simple terminal device (video display and keyboard) to access and control any device connected to the Console Server on ports 1 through 15. You may also use an external terminal converter, like the Belkin F1D084Eea, to connect your Console Server to a KVM switch and consolidate the control.
Installation
To install, connect your terminal device to port 16 of the Console Server.
Note:
• In order to show the following serial-to-serial configuration screen, you need to enable the serial-to-serial function. The default baud rate is fixed as 9600 8N1 (not reconfigurable) in order to get the best compatibility with third-party terminal monitor devices.
5. Choose the port number to which you wish to connect and the screen below will appear.
6. Type in the user name and password.
The web page also gives read-only settings of the serial-to-serial function; it will automatically change according to the setting change on the VT-100 console. Click “Cancel” to refresh the values.
System Status and Log
System Status
The “System Status” page lists current system information such as name, serial number, firmware versions, MAC address, current time, and the network settings. Data cannot be changed from this page. This page refreshes automatically every 10 seconds.
System Logging
You may enable or disable the system-logging process and set the log buffer size. The system log buffer’s default value is 50K bytes and can be increased to a maximum of 300KB. If the logged data grows larger than the pre-allocated buffer size, the new data will overwrite the old data.
System Administration
User Administration
At start-up, the system will prompt the user to enter the password to access the system. The administrator can add or remove a user easily via the web pages. There are two levels of access privileges:
User Name        Default Password   Access Privileges
admin            admin              Full access
(user define)    (user define)      Only can access “Serial Port” and “System Status”
An “Access Deny” page will display if the user is not authorized to access the web page.
The figure below shows the “Add User” screen. The new user will now appear under the “User Name” list.
Remove User
To remove a user:
• Check the users on the “User administration” screen.
Edit the Access Control List (ACL)
The Console Server provides ACL (Access Control List) security where you can specify user access discretely by individual ports only, instead of all ports. To edit the ACL:
• Check the users on the “User administration” screen.
• Click the “Edit” icon.
• Enter the user name and password.
• Select the port you wish to access.
• Click the “Submit” button.
Change Password
To change the parameters of the user account, open the “Edit user” screen by selecting the user name on the “User Configuration” screen and then edit the parameters of the user account as you would when adding a user.
Date and Time (NTP)
The Console Server maintains current date and time information. The clock and calendar settings are backed up by an internal battery. The user can change the current date and time. There are two options for setting the date and time.
Note:
• The Console Server provides RTC (Real-Time Clock) function powered by a lithium battery (CR2032, 3V). So the date/time will be maintained even if the unit encounters a power loss.
• If you repeatedly lose the date/time information, please replace the battery.
• Replace the 3-volt CR2032 battery only with the same or equivalent type recommended by the battery manufacturer. A new battery can explode if it is incorrectly installed.
Warning!!! DO NOT disconnect the power or the Ethernet cable during this upgrading process. Doing so may cause upgrade failure and destroy the image in memory. The Console Server will automatically initiate a self-reboot upon completion of the upgrade process to activate the new firmware. Once the counter expires, the browser will redirect you to the log-in home page. You can refer to the “System Status” page to check the firmware version and confirm the upgrade operation.
Once all certificate files are uploaded, users shall initiate a reboot command manually to make the new certificate effective. Browse to the prepared CA files (follow the procedure in Appendix E to correctly prepare the three CA files with the same assigned file names), and upload these files to the Console Server. Please double-check each file before uploading. An incorrect set of CA files may disable the secure HTTP function.
The other way to tell a secure web connection from an unsafe one is by looking for a lock symbol on your browser (bottom-right corner of Internet Explorer browser). You can double-click on the symbol to examine the detailed information of the server-side certificate. Once you have prepared a publicly signed CA suite of files, upload them from the “SSL Certificate” page. A system reboot is required for them to take effect.
Reset to Factory-Default Settings
To roll back to factory-default settings, click on “Apply”.
Reboot
You can trigger the Console Server to perform a software reboot via the network. The reboot function is mandatory when the CA-certificate upload is complete.
Technical Data
Default Settings
Server Name: BelkinSC
DHCP: Enabled
IP Address: 192.168.2.156
Net Mask: 255.255.255.0
Gateway: 192.168.2.
Appendix A: Adapters
F1D120ea (RJ45F–DB9F DTE)
DB9 Female DTE Adapter
Applications: Bay Accelar, Nortel, etc.
F1D122ea (RJ45F–DB25M DCE)
DB25 Male DCE Adapter
Applications: Modems
Part No: F1D122ea - Single Pack
Adapter Signal   RJ45   DB25M
DSR              1      6
RTS              2      4
GND              3      5
TxD              4      2
RxD              5      3
DCD              6      1
CTS              7      5
DTR              8      20
F1D123ea (RJ45F–DB25M DTE)
DB25 Male DTE Adapter
Applications: Sun SPARC, etc.
F1D124ea (RJ45F–RJ45M CISCO)
RJ45 Male Adapter
Applications: Sun devices
Part No: F1D124ea - Single Pack
         F1D124ea8PK - 8 Pack
Adapter Signal   RJ45   RJ45M
DSR              1      2
RTS              2      8
GND              3      4, 5
TxD              4      6
RxD              5      3
CTS              7      1
DTR              8      7
Appendix B: Ethernet Pin-Outs (RJ45)
Standard Ethernet Cable RJ45 Pin-Out
Pin   Description
1     Tx+
2     Tx-
3     Rx+
4     NC
5     NC
6     Rx-
7     NC
8     NC
Appendix C: Well-Known TCP/UDP Port Numbers
Port numbers are divided into three ranges: Well-Known Ports, Registered Ports, and Dynamic and/or Private Ports. Well-Known Ports are those from 0 through 1023. Registered Ports are those from 1024 through 49151. Dynamic and/or Private Ports are those from 49152 through 65535. Well-Known Ports are assigned by IANA, and on most systems, can only be used by system processes or by programs executed by privileged users.
Appendix D: Protocol Glossary
BOOTP (Bootstrap Protocol)
Similar to DHCP, but for smaller networks. Automatically assigns the IP address for a specific duration of time.
CHAP (Challenge Handshake Authentication Protocol)
A secure protocol for connecting to a system; it is more secure than PAP.
DHCP (Dynamic Host Configuration Protocol)
Internet protocol for automating the configuration of computers that use TCP/IP.
NTP (Network Time Protocol)
A protocol used to synchronize time on networked computers and equipment.
PAP (Password Authentication Protocol)
A method of user authentication in which the user name and password are transmitted over a network and compared to a table of name-password pairs.
PPP (Point-to-Point Protocol)
A protocol for creating and running IP and other network protocols over a serial link.
Appendix E: Creating CA Files
The Console Server supports secure web-page configuration (HTTPS). There are two types of certificate files for server-side authentication.
• Self-signed: Users can create the certificate files by themselves. The downside is that the client will be prompted to accept a certificate signed by an authority not known to the browser. Usually the client browser will have to accept the certificate only once and it will not be prompted further.
ii) Strip passphrase:
    openssl rsa -in cakey.pem -out cakey-nopassword.pem
iii) Combine the key and X.509 certificate files into server.pem:
    cat cakey-nopassword.pem cacert.pem > server.pem
iv) Collect all 3 PEM files and prepare to upload to IPCS server: server.pem, cacert.pem, cakey.pem
2. Signed by trustworthy CA:
i) Prepare private key cakey.pem:
    openssl genrsa -des3 -out cakey.
Information
FCC Statement
DECLARATION OF CONFORMITY WITH FCC RULES FOR ELECTROMAGNETIC COMPATIBILITY
We, Belkin International, Inc., of 501 West Walnut Street, Compton CA 90220, declare under our sole responsibility that the product: F1DP116S, to which this declaration relates: Complies with Part 15 of the FCC Rules.
What will we do to correct problems?
Product Warranty. Belkin will repair or replace, at its option, any defective product free of charge (except for shipping charges for the product).
How state law relates to the warranty.
THIS WARRANTY CONTAINS THE SOLE WARRANTY OF BELKIN. THERE ARE NO OTHER WARRANTIES, EXPRESSED OR, EXCEPT AS REQUIRED BY LAW, IMPLIED, INCLUDING THE IMPLIED WARRANTY OR CONDITION OF QUALITY, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND SUCH IMPLIED WARRANTIES, IF ANY, ARE LIMITED IN DURATION TO THE TERM OF THIS WARRANTY. Some states do not allow limitations on how long an implied warranty lasts, so the above limitations may not apply to you.
Free Tech Support*
You can find additional support information on our website www.belkin.com through the tech-support area. If you want to contact technical support by phone, please call the number you need from the list below*.